Comptia (CS0-002) Exam Questions And Answers page 9
Which of the following secure coding techniques can be used to prevent cross-site request forgery attacks?
Output encoding
Parameterized queries
Tokenization
Threat Management
Cyber Incident Response
A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability. Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get onto the system. Which of the following registry keys would MOST likely have this information?
HKEY_USERS\\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\\Software\Microsoft\Windows\explorer\MountPoints2
HKEY_USERS\\Software\Microsoft\Internet Explorer\Typed URLs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\iusb3hub
Security Operations and Monitoring
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:
Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?
Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
Examine the server logs for further indicators of compromise of a web application.
Run kill -9 1325 to bring the load average down so the server is usable again.
Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
Security Operations and Monitoring
Portions of a legacy application are being refactored to discontinue the use of dynamic SQL. Which of the following would be BEST to implement in the legacy application?
Input validation
SQL injection
Parameterized queries
Web-application firewall
Multifactor authentication
Security Architecture and Tool Sets
Security Operations and Monitoring
A security analyst is reviewing the following log from an email security service.
Which of the following BEST describes the reason why the email was blocked?
The To address is invalid.
The email originated from the www.spamfilter.org URL.
The IP address and the remote server name are the same.
The IP address was blacklisted.
The From address is invalid.
Security Architecture and Tool Sets
Security Operations and Monitoring
Which of the following is a best practice when sending a file/data to another individual in an organization?
When encrypting, split the file, and then compress each file.
Encrypt and then compress the file.
Encrypt the file but do not compress it.
Compress and then encrypt the file.
Security Operations and Monitoring
Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?
Use a UEFI boot password
Implement a self-encrypted disk
Configure filesystem encryption
Enable Secure Boot using TPM
Threat Management
Security Operations and Monitoring
A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week. Which of the following will enable the analyst to obtain the BEST results?
tcpdump -n -r internet.pcap host
strings internet.pcap | grep
grep -a internet.pcap
npcapd internet.pcap | grep
Security Operations and Monitoring
A company recently experienced financial fraud, which included shared passwords being compromised and improper levels of access being granted. The company has asked a security analyst to help improve its controls. Which of the following will MOST likely help the security analyst develop better controls?
An evidence summarization
An incident response plan
A lessons-learned report
An indicator of compromise
Threat Management
Cybersecurity Tool Sets
An organization recently discovered some inconsistencies in the motherboards it received from a vendor. The organization's security team then provided guidance on how to ensure the authenticity of the motherboards it received from vendors. Which of the following would be the BEST recommendation for the security analyst to provide?
The organization should use a certified, trusted vendor as part of the supply chain.
The organization should evaluate current NDAs to ensure enforceability of legal actions.
The organization should maintain the relationship with the vendor and enforce vulnerability scans.
The organization should ensure all motherboards are equipped with a TPM.
Threat Management